8.1 About Auditing and Profiling Applications

Use the auditing and profiling tools that JDeveloper provides to analyze the health and performance of your applications. These tools help you improve the quality of your code. You can use the JDeveloper auditing feature to analyze Java code for conformance to programming standards.

Use the profiler to gather statistics on your program that enable you to more easily diagnose performance issues, such as bottlenecks by identifying methods consuming more time, which method is called the most, how memory is used, and what kind of objects are being created.

8.2 Auditing Applications

Auditing is the static analysis of code for adherence to rules and metrics that define programming standards. Auditing finds defects that make code difficult to improve and maintain. The JDeveloper auditing tools help you find and fix such defects. Code can be audited even when it is not compilable or executable.

You can create and customize profiles, choose the rules to be used, and set parameters for individual rules. Browse the audit rules and metrics to learn more about them.

An audit report displays rule violations and measurements organized as a tree. A row of the tree corresponds to either a construct or a violation, and includes any measured values for the construct or theoretical violation. A construct is a method, class, file, project, or workspace. For more information on auditing tools and steps to audit your code, see Section 18.9, "Optimizing Application Performance".

8.3 Monitoring HTTP Using the HTTP Analyzer

The HTTP Analyzer allows you to monitor HTTP traffic, for example, to:

Monitor request/response traffic between a web service client and the service.

Monitor HTTP requests between Java applications and web resources.

The HTTP Analyzer acts as a proxy between code in JDeveloper and the HTTP resource that the code is communicating with, and helps you to debug your application in terms of the HTTP traffic sent and received.

When you run the HTTP Analyzer, there are a number of windows that provide information for you.

8.3.1 How to Use the Log Window

When you open the HTTP Analyzer from the Tools menu, the HTTP Analyzer log window appears, illustrated in Figure 8-1. By default its position is at the bottom center of JDeveloper, alongside the other log windows.

Figure 8-1 HTTP Analyzer Log Window

When HTTP Analyzer runs, it outputs request/response messages to the HTTP Analyzer log window. You can group and reorder the messages:

To reorder the messages, select the Sequence tab, then sort using the column headers (click on the header to sort, double-click to secondary sort).

To group messages, click the Correlation tab.

To change the order of columns, grab the column header and drag it to its new position.

Table 8-1 HTTP Analyzer Log Window Toolbar Icons

Icon

Name

Function

Analyzer Preferences

Click to open the HTTP Analyzer Preferences dialog where you can specify a new listener port, or change the default proxy. An alternative way to open this dialog is to choose Tools > Preferences, and then navigate to the HTTP Analyzer page. For more information, see

Create New Request

Click to open the HTTP Analyzer Test window, where you enter payload details, and edit and resend messages.

Start HTTP Analyzer

Click to start the HTTP Analyzer running. The monitor runs in the background, and only stops when you click Stop or exit JDeveloper. If you have more than one listener defined clicking this button starts them all. To start just one listener, click the down arrow and select the listener to start.

Stop HTTP Analyzer

Click to stop the HTTP Analyzer running. If you have more than one listener running, clicking this button stops them all. To stop just one listener click the down arrow and select the listener to stop.

Send Request

Click to resend a request when you have changed the content of a request. The changed request is sent and you can see any changes in the response that is returned.

8.3.2 How to Use the Test Window

An empty HTTP Analyzer test window appears when you click the Create New Request button in the HTTP Analyzer Log window. A test window showing details of the request/response opens when you choose Test Web Service from the context menu of a web service container in the Application Navigator, or when you double-click a line in the HTTP Analyzer Log Window, illustrated in Figure 8-2. By default, its position is in the center of JDeveloper, in the same place that the source editor appears.

Figure 8-2 HTTP Analyzer Test Window

The test window allows you examine the headers and parameters of a message. You can test the service by entering a parameter that is appropriate and clicking Send Request.

The tabs along the bottom of the test window allow you choose how you see the content of the message. You can choose to see the message as:

8.3.3 How to Use the Instances Window

When you open the HTTP Analyzer from the Tools menu, the HTTP Analyzer Instances window appears. By default, its position is at the bottom center of JDeveloper, as a tab alongside the HTTP Analyzer log window. This window provides information about the instances of the HTTP Analyzer that are currently running, or that were running and have been stopped. The instance is identified by the host and port, and any rules are identified. You can start and stop the instance from this window.

Figure 8-3 HTTP Analyzer Instances Window

You create a new instance in the HTTP Analyzer dialog, which opens when you click the Create New Request button.

Table 8-2 HTTP Analyzer Instances Window Toolbar Icons

Icon

Name

Function

Analyzer Preferences

Click to open the HTTP Analyzer dialog where you can specify a new listener port, or change the default proxy.

Create New Request

Click to open a new instance of the HTTP Analyzer Test window, where you enter payload details, and edit and resend messages.

Start HTTP Analyzer

Click to start the HTTP Analyzer running. The monitor runs in the background, and only stops when you click Stop or exit JDeveloper. If you have more than one listener defined clicking this button starts them all. To start just one listener, click the down arrow and select the listener to start.

Stop HTTP Analyzer

Click to stop the HTTP Analyzer running. If you have more than one listener running, clicking this button stops them all. To stop just one listener click the down arrow and select the listener to stop.

8.3.4 What Happens When You Run the HTTP Analyzer

When you start the HTTP Analyzer, all Java processes and application server activity with JDeveloper will send their traffic via the HTTP Analyzer, using the proxy settings in the HTTP Analyzer dialog, which opens when you click the Start HTTP Analyzer button in the Instance or Log window, or from the HTTP Analyzer page of the Preferences dialog. By default, the HTTP Analyzer uses a single proxy on an analyzer instance (the default is 8099), but you can add additional proxies of your own if you need to.

Each analyzer instance can have a set of rules to determine behavior, for example, to redirect requests to a different host/URL, or to emulate a web service.

8.3.5 How to Specify HTTP Analyzer Settings

By default, the HTTP Analyzer uses a single proxy on an analyzer instance (the default is 8099), but you can add additional proxies of your own if you need to.

To set HTTP Analyzer preferences:

Open the HTTP Analyzer preferences dialog by doing one of the following:

Choose Tools > Preferences to open the Preferences dialog, and navigating to the HTTP Analyzer page.

For more information at any time, press F1 or click Help from the HTTP Analyzer preferences dialog.

To create a new HTTP Analyzer instance, that is a new listener, click Add. The new listener is listed and selected by default for you to change any of the values.

8.3.7 How to Configure External Web Browsers

You can use external web browsers to route messages through the HTTP Analyzer so that you can see the traffic between the web browser and client. This section describes how you can use a profile in Firefox so that when you start the HTTP Analyzer and run an HTML or JSP or JSF page from within JDeveloper, a new instance of Firefox using the Debugger profile is started.

Note:

The steps below use the command firefox, which is correct for Linux. If you are using Windows, use firefox.exe.

To configure a Firefox profile for the HTTP Analyzer:

First you create a new Firefox profile. By default, starting Firefox from the command line opens a window on your currently open instance of Firefox, so you need to use -no-remote to create a separately configured instance Run the following from the command line

firefox -no-remote -CreateProfile Debugging

Start Firefox using this profile

firefox -no-remote -P Debugging

Next you configure JDeveloper to start this version of Firefox. From the main menu, choose Tools > Preferences.

In the Preferences dialog, select the Web Browser and Proxy node. For more information, press F1 or click Help from within the dialog page.

In the Browser Command Line, enter or browse to the correct location, and enter firefox -no-remote -P Debugging. JDeveloper underlines this in red, and when you close the dialog you will see a Command Line Validation Error warning which you can safely ignore.

Click OK. When you start the HTTP Analyzer and run an HTML or JSP or JSF page from within JDeveloper, a new instance of Firefox using the Debugger profile is started.

Click OK. When you start the HTTP Analyzer and run an HTML or JSP or JSF page from within JDeveloper, a new instance of Firefox using the Debugger profile is started.

8.3.8 Using SSL

You can use the HTTP Analyzer with secured services or applications, for example, web services secured by policies. JDeveloper comes with a set of preconfigured credentials, HTTPS Credential, which is always present. You cannot delete or edit HTTPS Credential, but you can copy it to create a new credential of the same type.

Once you have configured the credentials, you can choose which to use in the HTTP Analyzer Test window.

8.3.8.1 HTTPS Keystore

HTTPS encrypts an HTTP message prior to transmission and decrypts it upon arrival. It uses a public key certificate signed by a trusted certificate authority. When the integrated application server is first started, it generates a DemoIdentity that is unique to your machine, and the key in it is used to set up the HTTPS channel.

The client keystore identity is used for configuring HTTPS. The server keystore identity is used when the HTTP Analyzer is acting as a server; it is not used when connecting to a remote server.

The client keystore, containing the certificates of all the hosts to be trusted by JDeveloper and the Analyzer (client trust) when it makes onward connections.

The server keystore, containing a key that the Analyzer can use to authenticate itself to calling clients (server keystore).

The client keystore is only required when mutual authentication is required.

8.3.8.2 Username Token

Username token is a way of carrying basic authentication information. You supply a username/password to provide authentication.

8.3.8.3 X509 Certificates

X509 is a PKI standard for single sign-on, where certificates are used to provide identity, and to sign and encrypt messages. You enter details of an X509 certificate. When you supply a valid keystore and the password for the keystore, the client key aliases are populated.

If JDeveloper has any problems finding and opening the keystore, error messages will be displayed.

8.3.8.4 STS Configuration

A Secure Token Service (STS) is a web service that issues and manages security tokens over HTTPS. You enter the Security Token Server provider URL and optionally a policy URL.

Note:

The client truststore must contain the server public key, otherwise when the HTTP Analyzer requests the SAML token it will fail.

8.3.8.5 How to Use HTTPS

To configure the HTTP Analyzer to use different HTTPS values:

From the main menu, choose Tools > Preferences.

In the Preferences dialog, select the Credentials node. For more information, press F1 or click Help from within the dialog page.

Enter the new keystore and certificate details you want to use.

8.3.8.6 How to Configure Credentials for Testing Web Service Policies

You can use the HTTP Analyzer to test web services that are secured using policies.

Note:

You cannot use the HTTP Analyzer with JAX-RPC web services that are secured with WebLogic 9.x policies. WebLogic 9.x policies are deprecated for JAX-RPC.

The HTTP Analyzer supports:

HTTPS. The message is encrypted prior to transmission using a public key certificate that is signed by a trusted certificate authority. The message is decrypted on arrival.

Username token. This is a way of carrying basic authentication information using a token based on username/password.

X509. This is a PKI standard for single sign-on authentication, where certificates are used to provide identity, and to sign and encrypt messages.

STS. Security Token Service (STS) is a web service which issues and manages security tokens.

You choose the credentials to use in the HTTP Analyzer Test window.

To add authentication information to the HTTP Analyzer:

Choose Tools > Preferences to open the Preferences dialog, and navigate to the Credentials page. For more information at any time, press F1 or click Help from the Preferences dialog.

Enter the authentication information that is appropriate for the web service.

8.3.9 How to Run the HTTP Analyzer

The HTTP Analyzer allows you to view the content of request and response HTTP messages.

Start the HTTP Analyzer by clicking the Start HTTP Analyzer button. By default, this starts the listener on your localhost's hostname on port 8098. You can add new listeners, and use different hosts and ports, configure HTTPS, or set up rules to determine how the analyzer works.

Run the class, application, web service and so on that you want to analyze in the usual way.

Each request and response packet is listed in the HTTP Analyzer Log window, and detailed in the HTTP Analyzer Test Window.

If you are using the HTTP Analyzer to examine how a web service developed in JDeveloper works, the HTTP Analyzer starts automatically when you choose Test Web Service from the context menu of the web service in the Application Navigator.

8.3.10 How to Debug Web Pages Using the HTTP Analyzer

You can use the HTTP Analyzer when you are debugging Web pages, such as HTML, JSP, or JSF pages. This allows you to directly examine the traffic that is sent back and forth to the browse.

To debug Web pages using the HTTP Analyzer:

Configure a browser to route messages through the HTTP Analyzer so that you can see the traffic between the web browser and client.

Start the HTTP Analyzer running.

Run the class, application, or Web page that you want to analyze in the usual way.

Each request and response packet is listed in the HTTP Analyzer Log window, and detailed in the HTTP Analyzer Test Window.

8.3.11 How to Edit and Resend HTTP Requests

You can edit the contents of a HTTP request and resend it. You can then examine the response to see whether the changes you expect have occurred.

To send a request:

In the Request pane of the HTTP Analyzer Test window, enter parameter values.

Click the Send Request button.

The processed value is returned in the Response pane.

To edit and resend a request:

In the Request pane of the HTTP Analyzer Test window, click Copy Request. This opens a new test window, where you can enter a new parameter to send.

Alternatively, you can open a new test window by double-clicking a line in the HTTP Analyzer Log window.

8.3.12 How to Use Rules to Determine Behavior

You can set rules so that the HTTP Analyzer runs using behavior determined by those rules. You can set more than one rule in an HTTP Analyzer instance. If a service's URL matches a rule, the rule is applied. If not, the next rule in the list is checked. If the service does not match any of the rules the client returns an error. For this reason, you should always use a Pass Through rule with a blank filter (which just passes the request through) as the last rule in a list to catch any messages not caught by the preceding rules.

The types of rule available are:

Pass Through Rule

Forward Rule

URL Substitution Rule

Tape Rule

8.3.12.1 Using the Pass Through Rule

The Pass Through simply passes a request on to the service if the URL filter matches. When you first open the Rule Settings dialog, two Pass Through Rules are defined:

The first has a URL filter of http://localhost:631 to ignore print service requests.

The second has a blank URL filter, and it just which just passes the request to the original service. This rule should normally be moved to end of the list if new rules are added.

8.3.12.2 Using the Forward Rule

The Forward rule is used to intercept all URLs matched by the filter and it forwards the request on to a single URL.

8.3.12.3 Using the URL Substitution Rule

The URL Substitution rule allows you to re-host services by replacing parts of URL ranges. For example, you can replace the machine name when moving between the integrated application server and Oracle WebLogic Server.

8.3.12.4 Using the Tape Rule

The tape rule allows you to run the HTTP Analyzer in simulator mode, where a standard WS-I log file is the input to the rule. When you set up a tape rule, there are powerful options that you can use:

Loop Tape, which allows you to run the tape again and again.

Skip to matching URL and method, which only returns if it finds a matching URL and HTTP request method. This means that you can have a WSDL and an endpoint request in the same tape rule.

Correct header date and Correct Content Size, which allow you change the header date and content size of the message to current values so that the request does not fail.

An example of using a tape rule would be to test a web service client developed to run against an external web service.

To test a web service client developed to run against an external web service:

Create the client to the external web service.

Run the client against the web service with the HTTP Analyzer running, and save the results as a WS-I log file.

You can edit the WS-I file to change the values returned to the client.

In the HTTP Analyzer page of the Preferences dialog, create a tape rule.

Ensure that it is above the blank Pass Through rule in the list of rules.

In the Rule Settings dialog, use the path of the WS-I file as the Tape path in the Rule Settings dialog.

When you rerun the client, it runs against the entries in the WS-I file instead of against the external web service.

There are other options that allow you to:

Correct the time and size of the entries in the WS-I log file so the message returned to the client is correct.

Loop the tape so that it runs more than once.

Skip to a matching URL and HTTP request method, so that you can have a WSDL and an endpoint request in the same tape rule.

Note:

Tape Rules will not work with SOAP messages that use credentials or headers with expiry dates in them.

8.3.13 How to Set Rules

You can set rules so that the HTTP Analyzer runs using behavior determined by those rules. Each analyzer instance can have a set of rules to determine behavior, for example, to redirect requests to a different host/URL, or to emulate a web service.

Alternatively, the HTT Analyzer automatically opens when you choose Test Web Service from the context menu of a web service container in the Application Navigator.

Click the Analyzer Preferences button to open the HTTP Analyzer preferences dialog, in which you can specify a new listener port, or change the default proxy.

Alternatively, choose Tools > Preferences, and then navigate to the HTTP Analyzer page.

Click Configure Rules to open the Rule Settings dialog in which you define rules to determine the actions the HTTP Analyzer should take. For more help at any time, press F1 or click Help in the Rule Settings dialog.

In the Rule Settings dialog, enter the URL of the reference service you want to test against as the Reference URL. This will help you when you start creating rules, as you will be able to see if and how the rule will be applied.

Define one or more rules for the service to run the client against. To add a new rule, click the down arrow next to Add, and choose the type of rule from the list. The fields in the dialog depend on the type of rule that is currently selected.

The rules are applied in order from top to bottom. Reorder them using the up and down reorder buttons. It is important that the last rule is a blank Pass Through rule.

8.3.14 Using the HTTP Analyzer with Web Services

This section contains information about using the HTTP Analyzer with web services developed in JDeveloper. In general, you can use HTTP Analyzer to examine the content of web services in the same way as using it to examine any packets across HTTP.

Note:

You cannot use the HTTP Analyzer to test JAX-RPC web services that have WebLogic Server 9.x policies attached. WebLogic 9.x policies have been deprecated in JAX-RPC.

8.3.14.1 Testing Web Services with the HTTP Analyzer

JDeveloper allows you to test web services using the HTTP Analyzer to examine the network traffic of a proxy connecting to a web service developed in JDeveloper.

To test a web service:

Run the web service on the integrated application server and open the HTTP Analyzer by right-clicking the web service node in the Application Navigator, and choosing Test Web Service. JDeveloper automatically:

Starts the integrated application server, if it is not already running.

Compiles and binds the web service application to the integrated application server, which you can see in the Application Server Navigator.

Displays a Log window for the integrated application server (if there is not one already open).

Enter a parameter to test the service in the Request pane of the HTTP Analyzer Test window and click Send Request.

The response from the deployed web service is displayed in the Response pane of the HTTP Analyzer Test window.

You can examine the contents of the HTTP headers of the request and response packets to see the SOAP structure, the HTTP content, the Hex content or the raw message contents by choosing the appropriate tab at the bottom of the HTTP Analyzer Test window.

8.3.14.2 Using the HTTP Analyzer with RESTful Web Services

You can use the HTTP Analyzer to interact with RESTful web services. Representational State Transfer (REST) describes any simple interface that transmits data over a standardized interface (such as HTTP) without an additional messaging layer, such as SOAP. REST provides a set of design rules for creating stateless services that are viewed as resources, or sources of specific information, and can be identified by their unique URIs. A client accesses the resource using the URI, a standardized fixed set of methods, and a representation of the resource is returned. The client is said to transfer state with each new resource representation.

When using the HTTP protocol to access RESTful resources, the resource identifier is the URL of the resource and the standard operation to be performed on that resource is one of the HTTP methods: GET, PUT, DELETE, POST, or HEAD.

The HTTP Analyzer has support for Hypermedia as the Engine of Application State (HATEOAS), and so you can examine and test RESTful web services using the HTTP Analyzer.

Jersey and WADL

Before you can create RESTful web services in JDeveloper, you need to download and add to your project the Jersey JAX-RS Reference Implementation (RI).

A Web Application Description Language (WADL) is an XML file created by Jersey that provides a description of the resources in the servlet. For more information about WADL, see https://wadl.dev.java.net/.

Testing a RESTful Service

An outline of testing a RESTful service using WADL is given here, with more detailed steps in the procedure below. Not all RESTful services work this way. The HTTP Analyzer reads a WADL created by Jersey for the RESTful web service, and you examine the WADL in the HTTP Analyzer Test window. From the WADL, you can open an instance of the HTTP Analyzer Test window directly from a method, and test the method by entering a parameter and posting it to the service. The HTTP Analyzer redirects the response to a new URL which it displays, and when you click on it another instance of the HTTP Analyzer Test window opens with the response. Once you have finished, you use the WADL to locate the new resource that the HTTP Analyzer created to test the service and delete it.

Example 8-1 provides an example of a WADL document which uses POST, GET and DELETE.

Right-click the web service node in the Application Navigator, and choose Test Web Service. JDeveloper automatically:

Starts the integrated application server, if it is not already running.

Compiles and binds the web service application to the integrated application server instance, which is the IntegratedWebLogicServer node in the Application Server Navigator.

Displays a Log window for the integrated application server (if there is not one already open).

Click the HTTP Content tab in the HTTP Analyzer Test window. RESTful web services do not use SOAP, so you will not use the SOAP Structure tab.

In the Log window for the integrated application server, click the link next to Target Application WADL. A second instance of the test window opens. Notice that the URL displays the WADL, and the Method is GET.

Click Send Request. The GET method is used to return the content of the WADL so that it is displayed in the Response pane.

If necessary, use the left arrow to maximize the width of the pane to see the code more clearly.

To test the RESTful service:

In the WADL displayed in the Response pane, press Ctrl+mouse-click to use the Go to declaration feature to reveal parts of the HTTP message that can be accessed. Click on a POST method that is now revealed as a link. This opens a new instance of the test window.

Enter a parameter in the Request pane, and click Send Request. The POST method is used, and the Request pane displays a 201 Created HTTP status code along with the location of the URL that contains the response.

Click on the URL in the Response pane. Another instance of the test window opens. Notice that the URL displays the redirected URL, and the Method is GET. Click Send Request, and the response to the parameter you entered is displayed in the Request pane.

Note:

When you click on the WADL, the correct content-type and accept headers will be generated.

To work with the resource:

Select the test window instance for the WADL, and navigate to the GET method. Press Ctrl+mouse-click to open a new instance of the test window. Notice that the URL displays the redirected URL, and the Method is GET.

You can update the resource by choosing PUT from the Method list, and click Send Request.

In order to delete this resource, choose DELETE from the Method list, and click Send Request.

8.3.15 Using the HTTP Analyzer with WebSockets

The content of the request response stream will be available in the HTTP Analyzer after you close and reopen the message. The WebSockets messages are those with a response code of 101.

8.3.16 Reference: Troubleshooting the HTTP Analyzer

This section contains information to help resolve problems that you may have when running the HTTP Analyzer.

8.3.16.1 Running the HTTP Analyzer While Another Application is Running

If you have an application waiting for a response, do not start or stop the HTTP Analyzer. Terminate the application before starting or stopping the HTTP Analyzer.

8.3.16.2 Changing Proxy Settings

When you use the HTTP Analyzer, you may need to change the proxy settings in JDeveloper. For example:

If you are testing an external service and your machine is behind a firewall, ensure that the JDeveloper is using the HTTP proxy server.

If you are testing a service in the integrated application server, for example when you choose Test Web Service from the context menu of a web service in the Application Navigator, ensure that JDeveloper is not using the HTTP proxy server.

you probably need to add localhost|127.0.0.1 to the proxy exclusion list.

To set the HTTP proxy server and edit the exception list:

Choose Tools > Preferences, and select Web Browser/Proxy.

Ensure that Use HTTP Proxy Server is selected or deselected as appropriate.

Add any appropriate values to the Exceptions list, using | as the separator.

In order for Java to use localhost as the proxy ~localhost must be in the Exceptions list, even if it is the only entry.

8.4 Profiling Applications

The Profiler monitors and logs a running program's use of processor and memory resources. It gathers statistics that enables you to more easily diagnose the performance issues and correct the inefficiencies in your code.

JDeveloper offers two kinds of profilers: The CPU Profiler and the Memory Profiler, for local as well as remote profiling.

The CPU Profiler is used to analyze your application's impact on the processor. Use the CPU Profiler to test functions of your application, such as startup and initialization, repainting, and compiling.

The Memory Profiler provides a visual and statistical analysis of how your program utilizes memory in the Java heap. Use the Memory Profiler to track down and isolate memory leaks in your program.